From: Justin Suess <utilityemal77@gmail.com>
To: linux-security-module@vger.kernel.org,
"Mickaël Salaün" <mic@digikod.net>
Cc: "Günther Noack" <gnoack@google.com>,
"Justin Suess" <utilityemal77@gmail.com>
Subject: [PATCH] landlock: Clarify LANDLOCK_RULE_PATH_BENEATH properties in documentation
Date: Thu, 5 Mar 2026 10:15:07 -0500 [thread overview]
Message-ID: <20260305151507.2563776-1-utilityemal77@gmail.com> (raw)
Add paragraph to Landlock userspace documentation clarifying the strictly
cumulative property of access rights with respect to the file hierarchy.
Signed-off-by: Justin Suess <utilityemal77@gmail.com>
---
Documentation/userspace-api/landlock.rst | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/Documentation/userspace-api/landlock.rst b/Documentation/userspace-api/landlock.rst
index 13134bccdd39..d02036bb2893 100644
--- a/Documentation/userspace-api/landlock.rst
+++ b/Documentation/userspace-api/landlock.rst
@@ -173,6 +173,17 @@ this file descriptor.
return 1;
}
+The effective access rights for a path are the union of the access rights on
+the path and all its parents. For instance, in this example, ``/usr/bin/grep``
+inherits rights granted on ``/usr``, in addition to any rights we choose to
+grant on ``/usr/bin`` and ``/usr/bin/grep``. Because
+``LANDLOCK_RULE_PATH_BENEATH`` rights are cumulative, they can only increase
+down the file hierarchy. Therefore, child paths cannot have fewer effective
+access rights than their parents. This cumulative behavior is a key property of
+``LANDLOCK_RULE_PATH_BENEATH`` and requires careful ruleset design to minimize
+granted accesses. Please see the :ref:`Good practices` section for more
+details.
+
It may also be required to create rules following the same logic as explained
for the ruleset creation, by filtering access rights according to the Landlock
ABI version. In this example, this is not required because all of the requested
base-commit: f300a1c3a8ae4abca60913b4d26c405a905e4702
prerequisite-patch-id: 2b17c4f0b741a703f61294989a53677de0b1a54d
--
2.51.0
next reply other threads:[~2026-03-05 15:15 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-05 15:15 Justin Suess [this message]
2026-03-06 7:39 ` [PATCH] landlock: Clarify LANDLOCK_RULE_PATH_BENEATH properties in documentation Günther Noack
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260305151507.2563776-1-utilityemal77@gmail.com \
--to=utilityemal77@gmail.com \
--cc=gnoack@google.com \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox